Fiat-Shamir and correlation intractability from strong KDM-secure encryption
A hash function family is called correlation intractable if for all sparse relations, it is hard to
find, given a random function from the family, an input-output pair that satisfies the relation …
Careful with composition: Limitations of the indifferentiability framework
We exhibit a hash-based storage auditing scheme which is provably secure in the random-
oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash …
On the malleability of bitcoin transactions
We study the problem of malleability of Bitcoin transactions. Our first two contributions can
be summarized as follows: (i) we perform practical experiments on Bitcoin that show that it is …
BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures
C Cremers, S Düzlü, R Fiedler… - … IEEE Symposium on …, 2021 - ieeexplore.ieee.org
Modern digital signature schemes can provide more guarantees than the standard notion of
(strong) unforgeability, such as offering security even in the presence of maliciously …
On the (in)security of the BUFF transform
The BUFF transform is a generic transformation for digital signature schemes, with the
purpose of obtaining additional security properties beyond standard unforgeability, e.g. …
Instantiating random oracles via UCEs
This paper provides a (standard-model) notion of security for (keyed) hash functions, called
UCE, that we show enables instantiation of random oracles (ROs) in a fairly broad and …
Instantiability of RSA-OAEP under chosen-plaintext attack
We show that the widely deployed RSA-OAEP encryption scheme of Bellare and Rogaway
(Eurocrypt 1994), which combines RSA with two rounds of an underlying Feistel network …
Correlated-input secure hash functions
We undertake a general study of hash functions secure under correlated inputs, meaning
that security should be maintained when the adversary sees hash values of many related …
Boomerang: Metadata-Private Messaging under Hardware Trust
In end-to-end encrypted (E2EE) messaging systems, protecting communication metadata,
such as who is communicating with whom, at what time, etc., remains a challenging …
Correcting subverted random oracles
The random oracle methodology has proven to be a powerful tool for designing and
reasoning about cryptographic schemes, and can often act as an effective bridge between …